Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/3e73a6-1da7-47f6-a38c-0ee847d3fb79/1/c6ihynG2JM27Zj49R2FT98ZDrHo.roa
File:                     c6ihynG2JM27Zj49R2FT98ZDrHo.roa (raw, json)
Hash identifier:          gm1ThE7KDTiJO1ol1krzcYIGIS30sPm6Co3cdgoveKY=
Subject key identifier:   73:A8:A1:CA:71:B6:24:CD:BB:66:3E:3D:47:61:53:F7:C6:43:AC:7A
Certificate issuer:       /CN=a065e65749caa5fbb491e906977db18d3559bf43
Certificate serial:       018CC86FDFE201E67B24C452784B4CD8E6C7
Authority key identifier: A0:65:E6:57:49:CA:A5:FB:B4:91:E9:06:97:7D:B1:8D:35:59:BF:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oGXmV0nKpfu0kekGl32xjTVZv0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/3e73a6-1da7-47f6-a38c-0ee847d3fb79/1/c6ihynG2JM27Zj49R2FT98ZDrHo.roa
Signing time:             Tue 02 Jan 2024 04:30:24 +0000
ROA not before:           Tue 02 Jan 2024 04:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44045
IP address blocks:        185.79.60.0/22 maxlen: 22
                          185.79.63.0/24 maxlen: 24
                          185.79.60.0/24 maxlen: 24
                          185.79.62.0/24 maxlen: 24
                          185.79.61.0/24 maxlen: 24
                          2a05:7200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/3e73a6-1da7-47f6-a38c-0ee847d3fb79/1/oGXmV0nKpfu0kekGl32xjTVZv0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/3e73a6-1da7-47f6-a38c-0ee847d3fb79/1/oGXmV0nKpfu0kekGl32xjTVZv0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oGXmV0nKpfu0kekGl32xjTVZv0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:df:e2:01:e6:7b:24:c4:52:78:4b:4c:d8:e6:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a065e65749caa5fbb491e906977db18d3559bf43
        Validity
            Not Before: Jan  2 04:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73a8a1ca71b624cdbb663e3d476153f7c643ac7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b4:11:56:a1:96:ea:6f:f9:17:cd:6f:68:3c:
                    e7:6a:b8:d9:56:b0:4e:7d:97:96:36:37:94:f0:3b:
                    17:96:36:6a:b8:14:eb:81:5c:9f:35:51:61:ab:14:
                    3d:ac:f7:2a:f6:de:04:41:0e:e3:e6:72:46:6b:ed:
                    19:ce:8b:44:01:02:68:30:e9:3a:13:a9:7d:8d:86:
                    34:e7:cc:e2:07:b8:ea:28:c0:e2:69:b5:6c:9f:23:
                    57:71:ef:76:ef:5f:ca:44:9e:e9:f6:f3:d0:cd:fb:
                    d7:b3:64:40:25:ff:9e:4e:36:2b:c1:80:70:9e:ea:
                    e8:0f:a8:9f:8d:e8:71:d8:3b:b7:c2:f3:8b:11:15:
                    77:fe:0a:1c:b1:ae:e3:4e:11:84:da:e6:e8:25:3a:
                    13:08:cd:d6:5d:f3:4d:ff:95:e7:6c:9f:be:78:c3:
                    33:8c:b3:14:f2:18:ba:3a:02:b4:7e:21:62:dc:e5:
                    f4:37:7c:35:88:99:06:7f:4a:c0:ec:f1:ef:a5:18:
                    04:c8:ab:fe:7a:0a:2b:72:bb:4d:78:ec:02:6c:e5:
                    59:31:24:61:8d:8a:7f:6d:b2:54:30:9a:be:a1:96:
                    ee:cf:66:c9:d3:aa:ca:1b:83:84:48:28:90:8b:a8:
                    a6:7a:6f:09:7b:4e:24:ff:fa:07:65:a8:8a:4a:10:
                    ea:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:A8:A1:CA:71:B6:24:CD:BB:66:3E:3D:47:61:53:F7:C6:43:AC:7A
            X509v3 Authority Key Identifier:
                keyid:A0:65:E6:57:49:CA:A5:FB:B4:91:E9:06:97:7D:B1:8D:35:59:BF:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oGXmV0nKpfu0kekGl32xjTVZv0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3e73a6-1da7-47f6-a38c-0ee847d3fb79/1/c6ihynG2JM27Zj49R2FT98ZDrHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3e73a6-1da7-47f6-a38c-0ee847d3fb79/1/oGXmV0nKpfu0kekGl32xjTVZv0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.60.0/22
                IPv6:
                  2a05:7200::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:bc:47:db:61:64:ef:b5:62:f6:b6:e5:c9:de:f7:14:17:b8:
         0c:d3:57:1b:ce:d8:53:d5:70:4c:25:55:3f:05:9a:3a:25:e5:
         b3:a0:9e:91:64:44:da:4e:ad:15:ed:99:e0:ea:60:44:42:e9:
         9b:77:43:51:fe:c2:c3:57:c1:f0:af:34:12:b8:e3:15:b4:42:
         88:32:0b:25:8d:74:84:c6:5e:c2:91:8f:69:7a:35:88:cd:78:
         13:db:a0:94:b7:5f:2a:5b:31:9a:ef:40:80:c4:af:3a:53:d5:
         8f:34:7a:b7:58:11:a6:14:ef:49:19:57:32:29:8e:92:95:d3:
         ce:43:59:33:5d:be:c8:9a:3d:5a:cf:02:08:ee:34:fc:71:4d:
         1c:f6:0d:19:ed:4f:a3:9a:65:ad:74:6b:a2:3f:87:9c:eb:bf:
         28:aa:e6:78:41:3e:6d:23:54:1c:41:c5:b9:59:dd:ca:48:4f:
         0f:70:94:3a:26:6d:4c:9e:dc:fb:a6:16:19:4f:88:20:55:4d:
         b0:91:d9:c5:27:1c:75:28:7d:72:3b:3f:0d:a0:91:d3:81:6d:
         a2:d5:af:0b:ff:86:ea:0d:45:80:2d:27:7d:ea:75:4b:41:78:
         15:43:b2:eb:3e:70:b7:f7:45:ec:f8:78:b9:99:56:c0:64:d7:
         5f:8d:3d:ac
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb9/iAeZ7JMRSeEtM2ObHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNjVlNjU3NDljYWE1ZmJiNDkxZTkwNjk3N2RiMThkMzU1
OWJmNDMwHhcNMjQwMTAyMDQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2E4YTFjYTcxYjYyNGNkYmI2NjNlM2Q0NzYxNTNmN2M2NDNhYzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLQRVqGW6m/5F81vaDznarjZVrBO
fZeWNjeU8DsXljZquBTrgVyfNVFhqxQ9rPcq9t4EQQ7j5nJGa+0ZzotEAQJoMOk6
E6l9jYY058ziB7jqKMDiabVsnyNXce9271/KRJ7p9vPQzfvXs2RAJf+eTjYrwYBw
nuroD6ifjehx2Du3wvOLERV3/gocsa7jThGE2uboJToTCM3WXfNN/5XnbJ++eMMz
jLMU8hi6OgK0fiFi3OX0N3w1iJkGf0rA7PHvpRgEyKv+egorcrtNeOwCbOVZMSRh
jYp/bbJUMJq+oZbuz2bJ06rKG4OESCiQi6imem8Je04k//oHZaiKShDqLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHOoocpxtiTNu2Y+PUdhU/fGQ6x6MB8GA1UdIwQY
MBaAFKBl5ldJyqX7tJHpBpd9sY01Wb9DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0dYbVYwbktwZnUwa2VrR2wzMnhqVFZadjBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8zZTczYTYtMWRhNy00N2Y2LWEzOGMt
MGVlODQ3ZDNmYjc5LzEvYzZpaHluRzJKTTI3Wmo0OVIyRlQ5OFpEckhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8zZTczYTYtMWRhNy00N2Y2LWEzOGMtMGVlODQ3ZDNmYjc5
LzEvb0dYbVYwbktwZnUwa2VrR2wzMnhqVFZadjBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU88MA0E
AgACMAcDBQMqBXIAMA0GCSqGSIb3DQEBCwUAA4IBAQBrvEfbYWTvtWL2tuXJ3vcU
F7gM01cbzthT1XBMJVU/BZo6JeWzoJ6RZETaTq0V7Zng6mBEQumbd0NR/sLDV8Hw
rzQSuOMVtEKIMgsljXSExl7CkY9pejWIzXgT26CUt18qWzGa70CAxK86U9WPNHq3
WBGmFO9JGVcyKY6SldPOQ1kzXb7Imj1azwII7jT8cU0c9g0Z7U+jmmWtdGuiP4ec
678oquZ4QT5tI1QcQcW5Wd3KSE8PcJQ6Jm1Mntz7phYZT4ggVU2wkdnFJxx1KH1y
Oz8NoJHTgW2i1a8L/4bqDUWALSd96nVLQXgVQ7LrPnC390Xs+Hi5mVbAZNdfjT2s
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:18:09 2024 by rpki-client on console-fra.rpki-client.org